
Include the threats and risks associated with the system development project in the project feasibility study.


CONTROL ID: 11797
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a system design project management framework., CC ID: 00990

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • Many systems fail because of poor system design and implementation, as well as inadequate testing. The FI should identify system deficiencies and defects at the system design, development and testing phases. (§ 6.0.1, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • An emanation security threat assessment is sought as early as possible in a project's life cycle as emanation security controls can have significant cost implications. (Security Control: 0246; Revision: 3, Australian Government Information Security Manual, March 2021)
  • The organization should use threat modeling and other secure design techniques to identify all the threats to the software and mitigations for those threats. (Control: 1238, Australian Government Information Security Manual: Controls)
  • Identify, document and analyse risks associated with the business requirements and solution design as part of the organisation's process for the development of requirements. (AI1.2 Risk Analysis Report, CobiT, Version 4.1)
  • The system design phase should involve consideration of potential threats (often referred to as 'threat modelling') and review of industry standards to help determine the full range of security controls required to protect live data (e.g., policies, methods, procedures, devices, or program mechanism… (CF.18.02.03a, The Standard of Good Practice for Information Security)
  • The system design phase should involve consideration of potential threats (often referred to as 'threat modeling') and review of industry standards to help determine specific security controls required by particular business processes supported by systems under development (e.g., encryption of sensi… (CF.18.02.03b, The Standard of Good Practice for Information Security)
  • The system design phase should involve consideration of potential threats (often referred to as 'threat modeling') and review of industry standards to help determine where and how security controls are to be applied (e.g., by integrating with a security architecture and the technical infrastructure)… (CF.18.02.03c, The Standard of Good Practice for Information Security)
  • The system design phase should involve consideration of potential threats (often referred to as 'threat modeling') and review of industry standards to help determine how individual security controls (manual and automated) work together to produce an integrated set of controls. (CF.18.02.03d, The Standard of Good Practice for Information Security)
  • The system design phase should involve consideration of potential threats (often referred to as 'threat modelling') and review of industry standards to help determine the full range of security controls required to protect live data (e.g., policies, methods, procedures, devices, or program mechanism… (CF.18.02.03a, The Standard of Good Practice for Information Security, 2013)
  • The system design phase should involve consideration of potential threats (often referred to as 'threat modeling') and review of industry standards to help determine specific security controls required by particular business processes supported by systems under development (e.g., encryption of sensi… (CF.18.02.03b, The Standard of Good Practice for Information Security, 2013)
  • The system design phase should involve consideration of potential threats (often referred to as 'threat modeling') and review of industry standards to help determine where and how security controls are to be applied (e.g., by integrating with a security architecture and the technical infrastructure)… (CF.18.02.03c, The Standard of Good Practice for Information Security, 2013)
  • The system design phase should involve consideration of potential threats (often referred to as 'threat modeling') and review of industry standards to help determine how individual security controls (manual and automated) work together to produce an integrated set of controls. (CF.18.02.03d, The Standard of Good Practice for Information Security, 2013)
  • The availability of AI tools, platforms and libraries can enable the development of AI systems without there being a full understanding of the technology, its limitations and potential pitfalls. (§ 5.4.1 Table 3 Column 2 Row 7 Bullet 4, ISO/IEC 23894:2023, Information technology — Artificial intelligence — Guidance on risk management)
  • The organization should identify a list of risk sources related to the development or use of AI, or both, within the defined scope. (§ 6.4.2.3 ¶ 1, ISO/IEC 23894:2023, Information technology — Artificial intelligence — Guidance on risk management)
  • Societal and political implications of the deployment of AI systems, including guidance from social sciences. (§ 5.4.1 Table 2 Column 2 Row 3 Bullet 2, ISO/IEC 23894:2023, Information technology — Artificial intelligence — Guidance on risk management)
  • The software requirement specifications should clearly identify potential hazards that could result from a software failure and the safety requirements that need to be implemented. (§ 5.2.2 ¶ 3, General Principles of Software Validation; Final Guidance for Industry and FDA Staff, Version 2.0)
  • Containers, including the design for storing data outside of the container and implementation of vulnerability management processes, segmentation, and the ability to monitor containers. (App A Objective 12:5c Bullet 3, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Microservices, including a design process that allows for the use of microservices as an integrated component to overall IT operations and the ability to address the risks of security, reliability, and latency in the entity's development process. (App A Objective 12:5c Bullet 4, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • VMs and the design of secure virtual infrastructures to provide the ability to oversee the interconnectivity and segmentation of VMs. (App A Objective 12:5c Bullet 1, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Hypervisors and the design of where the hypervisors sit and the connectivity between hypervisors and VMs. (App A Objective 12:5c Bullet 2, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Including information security risks when developing, implementing, or updating products. (App A Objective 12:8 d., FFIEC Information Technology Examination Handbook - Management, November 2015)
  • Policies documenting risk management controls for the development and acquisition of systems. (App A Objective 12:10 a., FFIEC Information Technology Examination Handbook - Management, November 2015)
  • The volume, nature, and extent of risk exposure to the institution in the area of systems development and acquisition; (TIER II OBJECTIVES AND PROCEDURES B.1 Bullet 3, FFIEC IT Examination Handbook - Audit, April 2012)
  • Organizational teams document the risks and potential impacts of the AI technology they design, develop, deploy, evaluate, and use, and they communicate about the impacts more broadly. (GOVERN 4.2, Artificial Intelligence Risk Management Framework, NIST AI 100-1)
  • Employ [Assignment: organization-defined sources of threat intelligence] as part of a risk assessment to guide and inform the development of organizational systems, security architectures, selection of security solutions, monitoring, threat hunting, and response and recovery activities. (3.11.1e, Enhanced Security Requirements for Protecting Controlled Unclassified Information, NIST SP 800-172)
  • Prior to installation, a wireless survey should be performed to determine antenna location and strength to minimize exposure of the wireless network. The survey should take into account the fact that attackers can use powerful directional antennas, which extend the effective range of a wireless LAN … (§ 6.2.1.5 ICS-specific Recommendations and Guidance ¶ 1 Bullet 1, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Cyber resiliency is an active research area. Technologies are being explored to improve the cyber resiliency of cyber-physical systems, high-confidence, dedicated-purpose systems, and large-scale processing environments. The integration of solutions involving new technologies to reduce risks due to … (3.1.8 ¶ 3, NIST SP 800-160, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach, Volume 2, Revision 1)
  • Determine the potential applicability of cyber resiliency design principles. This involves considering organizational and programmatic risk management strategies to determine which strategic design principles may apply. It also involves considering the architecture, operational context, and threat e… (3.2.1.5 ¶ 1 Bullet 2, NIST SP 800-160, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach, Volume 2, Revision 1)
  • The selection of cyber resiliency techniques and approaches can be motivated by potential effects on adversary activities or on risk. Two resiliency techniques or approaches listed as both potentially having the same effect may differ in how strongly that effect applies to a given threat event, scop… (3.1.7 ¶ 1, NIST SP 800-160, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach, Volume 2, Revision 1)
  • The description of a potential solution can include identification of the gaps it is expected to address, the threats (e.g., attack scenarios, adversary objectives or categories of TTPs, or adversary actions) it is intended to address, or the reduced exposure of critical resources, sources of fragil… (3.2.4.1 ¶ 4, NIST SP 800-160, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach, Volume 2, Revision 1)
  • Use forms of risk modeling – such as threat modeling, attack modeling, or attack surface mapping – to help assess the security risk for the software. (PW.1.1, NIST SP 800-218, Secure Software Development Framework: Recommendations for Mitigating the Risk of Software Vulnerabilities, Version 1.1)
  • Determine when to deploy new technology. Timing is critical because there are risks in deploying new technologies too slowly or too rapidly. (¶ 28, Technology Risk Management Guide for Bank Examiners - OCC Bulletin 98-3)